List of usage examples for org.bouncycastle.openssl PEMParser readObject
public Object readObject() throws IOException
From source file:io.apigee.trireme.crypto.algorithms.RsaKeyPairProvider.java
License:Open Source License
/**
 * Parses the first PEM object from the reader and returns it as a public key.
 *
 * @param algorithm key algorithm name; only used in the debug log line
 * @param rdr source of the PEM text; the parser wrapping it is closed before this method returns
 * @return the key converted from the parsed SubjectPublicKeyInfo structure
 * @throws CryptoException if the first PEM object is not a SubjectPublicKeyInfo
 * @throws IOException if the PEM data cannot be read
 */
@Override
public PublicKey readPublicKey(String algorithm, Reader rdr) throws CryptoException, IOException {
    final PEMParser pemParser = new PEMParser(rdr);
    try {
        final Object parsed = pemParser.readObject();
        if (log.isDebugEnabled()) {
            log.debug("Trying to read an {} public key and got {}", algorithm, parsed);
        }
        // Anything other than a SubjectPublicKeyInfo (certificate, key pair, empty input) is rejected.
        if (!(parsed instanceof SubjectPublicKeyInfo)) {
            throw new CryptoException("Input data does not contain a public key");
        }
        return convertPublicKey((SubjectPublicKeyInfo) parsed);
    } finally {
        pemParser.close();
    }
}
From source file:io.kodokojo.commons.utils.RSAUtils.java
License:Open Source License
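/**
 * Reads the first PEM object from {@code reader} and converts it to an X.509 certificate.
 *
 * <p>Despite the method name, the value returned is the whole certificate rather than a bare
 * RSA key. Nothing here checks the certificate's issuer, validity period or key algorithm, so
 * the caller has to do that before relying on the result.
 *
 * @param reader PEM text; it is not closed here, the caller stays responsible for it
 * @return the certificate decoded from the first PEM object
 * @throws IllegalArgumentException if the input is empty or its first PEM object is not a
 *     certificate
 * @throws RuntimeException if the PEM data cannot be read or converted
 */
public static X509Certificate readRsaPublicKey(Reader reader) {
    // Register the provider only when it is missing instead of building a new one on every call.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    try {
        PEMParser pemParser = new PEMParser(reader);
        Object parsed = pemParser.readObject();
        // readObject() returns null at end of input and other types for keys, CSRs and so on;
        // check before casting so the failure names what was actually found.
        if (!(parsed instanceof X509CertificateHolder)) {
            String found = parsed == null ? "no PEM object" : parsed.getClass().getName();
            throw new IllegalArgumentException("Expected a PEM certificate but found " + found);
        }
        JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter();
        return certificateConverter.getCertificate((X509CertificateHolder) parsed);
    } catch (IOException | CertificateException e) {
        throw new RuntimeException("Unable to extract public RAS Key .", e);
    }
}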
From source file:io.netty.example.ocsp.OcspServerExample.java
License:Apache License
/**
 * Reads every PEM object from {@code reader} and returns them as X.509 certificates.
 *
 * <p>Each object is cast to {@code X509CertificateHolder} without a type check, so PEM input
 * that holds anything other than certificates fails with a {@code ClassCastException}.
 *
 * @param reader PEM text; the parser wrapping it is closed before this method returns
 * @return the certificates in input order, possibly an empty array
 * @throws Exception if reading or converting a certificate fails
 */
private static X509Certificate[] parseCertificates(Reader reader) throws Exception {
    JcaX509CertificateConverter converter =
            new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider());
    List<X509Certificate> certificates = new ArrayList<X509Certificate>();

    PEMParser pemParser = new PEMParser(reader);
    try {
        // readObject() yields null once the input is exhausted.
        for (X509CertificateHolder holder = (X509CertificateHolder) pemParser.readObject();
                holder != null;
                holder = (X509CertificateHolder) pemParser.readObject()) {
            X509Certificate certificate = converter.getCertificate(holder);
            if (certificate != null) {
                certificates.add(certificate);
            }
        }
    } finally {
        pemParser.close();
    }

    return certificates.toArray(new X509Certificate[0]);
}
From source file:io.smartspaces.util.net.SslUtils.java
License:Apache License
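/**
 * Get an SSL socket factory that provides a client certificate for the socket
 * connections.
 *
 * <p>The server is authenticated against the single CA certificate in {@code caCrtFile}, and
 * the client presents {@code clientCrtFile} with the key from {@code clientKeyFile}. Only the
 * first PEM object of each file is used. This method configures trust anchors and the client
 * identity only; whether the peer host name is checked depends on how the caller uses the
 * sockets created by the factory.
 *
 * @param caCrtFile
 *          file path to the certificate authority certificate
 * @param clientCrtFile
 *          file path to the certificate for the client
 * @param clientKeyFile
 *          file path to the private key for the client; must hold an unencrypted PEM key pair
 *
 * @return the socket factory providing the client functionality
 *
 * @throws IllegalArgumentException
 *           if a file is empty or does not start with the expected PEM object type
 * @throws Exception
 *           if a file cannot be read or the key stores or TLS context cannot be built
 */
public static SSLSocketFactory configureSSLSocketFactory(String caCrtFile, String clientCrtFile,
        String clientKeyFile) throws Exception {
    Security.addProvider(new BouncyCastleProvider());

    JcaX509CertificateConverter certificateConverter =
            new JcaX509CertificateConverter().setProvider(SECURITY_PROVIDER_BOUNCY_CASTLE);

    // load CA certificate
    X509Certificate caCert = certificateConverter
            .getCertificate(readFirstPemObject(caCrtFile, X509CertificateHolder.class));

    // load client certificate
    X509Certificate cert = certificateConverter
            .getCertificate(readFirstPemObject(clientCrtFile, X509CertificateHolder.class));

    // load client private key
    JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider(SECURITY_PROVIDER_BOUNCY_CASTLE);
    KeyPair key = keyConverter.getKeyPair(readFirstPemObject(clientKeyFile, PEMKeyPair.class));

    // CA certificate is used to authenticate server
    KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType());
    caKs.load(null, null);
    caKs.setCertificateEntry("ca-certificate", caCert);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(caKs);

    // client key and certificates are sent to server so it can authenticate
    // the client.
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null, null);
    ks.setCertificateEntry("certificate", cert);

    // This assumes that the client key is not password protected. We need a
    // password, but it could be anything: the key store lives in memory only and
    // is never written out by this method.
    char[] password = VIRTUAL_KEYSTORE_PASSWORD.toCharArray();
    ks.setKeyEntry("private-key", key.getPrivate(), password, new java.security.cert.Certificate[] { cert });
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, password);

    // finally, create SSL socket factory.
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    return context.getSocketFactory();
}

/**
 * Reads the first PEM object of a file and checks that it has the expected type.
 *
 * <p>The parser is closed even when parsing fails. A missing object or an unexpected type is
 * reported with the file path and the type found, never with the file content, so that key
 * material cannot end up in an exception message.
 */
private static <T> T readFirstPemObject(String pemFile, Class<T> expectedType) throws Exception {
    try (PEMParser parser = new PEMParser(
            new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(pemFile)))))) {
        Object parsed = parser.readObject();
        if (!expectedType.isInstance(parsed)) {
            String found = parsed == null ? "no PEM object" : parsed.getClass().getName();
            throw new IllegalArgumentException(
                    pemFile + " does not contain a " + expectedType.getSimpleName() + " (found " + found + ")");
        }
        return expectedType.cast(parsed);
    }
}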
From source file:io.spikex.core.Main.java
License:Apache License
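/**
 * Generates the truststore file from the PEM certificates in the certificate directory.
 *
 * <p>Nothing happens unless generation is enabled in the configuration, the truststore file
 * does not exist yet and the certificate directory exists. Every X.509 certificate found in
 * that directory becomes a trusted entry; the only check applied is the validity period, so
 * write access to the directory decides which certificates end up trusted.
 *
 * <p>A certificate that cannot be converted or fails the validity check stops the import of
 * the remaining files. The failure is logged and the truststore is still written with the
 * entries imported up to that point.
 *
 * @param conf configuration document holding the truststore section
 * @throws RuntimeException if the truststore cannot be created or written
 */
private void createTrustStore(final YamlDocument conf) {
    YamlDocument confTrustStore = conf.getDocument(CONF_KEY_TRUSTSTORE);
    boolean generate = confTrustStore.getValue(CONF_KEY_GENERATE, DEF_GENERATE_TRUSSTORE);
    if (generate) {
        Path trustStorePath = Paths
                .get(confTrustStore.getValue(CONF_KEY_PATH, m_confPath.resolve(DEF_TRUSTSTORE_PATH)).toString())
                .toAbsolutePath().normalize();
        Path certsPath = m_confPath.resolve(DEF_TRUSTSTORE_CERTS_DIR).toAbsolutePath().normalize();
        if (!Files.exists(trustStorePath) && Files.exists(certsPath)) {
            Provider bcProvider = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
            if (bcProvider == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            try {
                // Create keystore
                m_logger.info("Generating truststore: {}", trustStorePath);
                KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
                ts.load(null);
                //
                // Import PEM certificates
                // https://gist.github.com/akorobov/6910564
                //
                try (DirectoryStream<Path> dirStream = Files.newDirectoryStream(certsPath)) {
                    JcaX509CertificateConverter converter = new JcaX509CertificateConverter()
                            .setProvider(BouncyCastleProvider.PROVIDER_NAME);
                    // Counter for fallback aliases. It is kept outside both loops so that two
                    // certificates without a subject name never share an alias and overwrite
                    // each other in the truststore.
                    int index = 1;
                    for (Path path : dirStream) {
                        // Close the parser (and the file behind it) after each file, also on failure.
                        try (PEMParser parser = new PEMParser(new FileReader(path.toFile()))) {
                            Object object;
                            while ((object = parser.readObject()) != null) {
                                // Keys, CSRs and other PEM objects are skipped.
                                if (!(object instanceof X509CertificateHolder)) {
                                    continue;
                                }
                                X509Certificate cert = converter.getCertificate((X509CertificateHolder) object);
                                m_logger.debug("Certificate issuer: {} subject: {} serial: {} validity: {}-{}",
                                        cert.getIssuerX500Principal().getName(),
                                        cert.getSubjectX500Principal().getName(), cert.getSerialNumber(),
                                        cert.getNotBefore(), cert.getNotAfter());
                                // Validate
                                cert.checkValidity(new Date());
                                // Alias
                                String alias = cert.getSubjectX500Principal().getName();
                                if (Strings.isNullOrEmpty(alias)) {
                                    alias = "cert-" + index++;
                                }
                                // Save in truststore
                                ts.setCertificateEntry(alias, cert);
                                m_logger.info("Imported trusted certificate: {}", alias);
                            }
                        }
                    }
                } catch (CertificateException e) {
                    m_logger.error("Failed to import trusted certificate", e);
                }
                // Save truststore
                String password = confTrustStore.getValue(CONF_KEY_PASSWORD, DEF_TRUSTSTORE_PASSWORD);
                // Close the output stream so the file is flushed and the handle released.
                try (FileOutputStream out = new FileOutputStream(trustStorePath.toFile())) {
                    ts.store(out, password.toCharArray());
                }
            } catch (IOException | NoSuchAlgorithmException | KeyStoreException | CertificateException e) {
                throw new RuntimeException("Failed to create truststore: " + trustStorePath, e);
            }
        }
    }
}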
From source file:jp.pigumer.mqtt.Client.java
License:Apache License
/**
 * Builds an in-memory key store holding the CA certificate read from {@code caFile}.
 *
 * <p>An empty result does not distinguish "no CA file configured" from "CA file could not be
 * loaded"; the second case is only visible in the SEVERE log entry.
 *
 * @return the key store with the certificate under alias "ca", or empty when {@code caFile}
 *     is null or any step of loading fails
 */
Optional<KeyStore> loadKeyStore() {
    if (caFile == null) {
        return Optional.empty();
    }
    try (InputStream in = caFile.getInputStream()) {
        PEMParser pemParser = new PEMParser(new InputStreamReader(in));
        // A first PEM object that is not a certificate fails the cast and lands in the catch below.
        X509CertificateHolder holder = (X509CertificateHolder) pemParser.readObject();
        X509Certificate caCertificate = new JcaX509CertificateConverter().getCertificate(holder);

        KeyStore trustAnchors = KeyStore.getInstance(KeyStore.getDefaultType());
        trustAnchors.load(null, null);
        trustAnchors.setCertificateEntry("ca", caCertificate);
        return Optional.of(trustAnchors);
    } catch (Exception e) {
        LOGGER.log(Level.SEVERE, "failed load", e);
        return Optional.empty();
    }
}
From source file:net.adamcin.httpsig.ssh.bc.PEMUtil.java
License:Open Source License
/**
 * Read a single PEM-formatted key.
 *
 * @param is stream holding the PEM data; the parser wrapping it is closed before returning
 * @param passphrase used to decrypt the key pair when the PEM object is an encrypted key pair
 * @return an {@code SSHKey} for an RSA or DSA key pair, or {@code null} when the first PEM
 *     object is not a key pair or the key type is neither RSA nor DSA
 * @throws IOException if the PEM data cannot be read
 */
public static Key readKey(InputStream is, final char[] passphrase) throws IOException {
    final JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
    PEMParser parser = null;
    try {
        parser = new PEMParser(new InputStreamReader(is));
        final Object pemObject = parser.readObject();

        KeyPair keyPair = null;
        if (pemObject instanceof PEMEncryptedKeyPair) {
            PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build(passphrase);
            keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor));
        } else if (pemObject instanceof PEMKeyPair) {
            keyPair = converter.getKeyPair((PEMKeyPair) pemObject);
        }

        if (keyPair == null) {
            return null;
        }
        // Either half of the pair is enough to decide the SSH key format.
        if (keyPair.getPrivate() instanceof RSAPrivateKey || keyPair.getPublic() instanceof RSAPublicKey) {
            return new SSHKey(KeyFormat.SSH_RSA, keyPair);
        }
        if (keyPair.getPrivate() instanceof DSAPrivateKey || keyPair.getPublic() instanceof DSAPublicKey) {
            return new SSHKey(KeyFormat.SSH_DSS, keyPair);
        }
        return null;
    } finally {
        if (parser != null) {
            try {
                parser.close();
            } catch (IOException ignored) {
                // A failure while closing must not replace the result or the original exception.
            }
        }
    }
}
From source file:net.adamcin.httpsig.testutil.KeyTestUtil.java
License:Open Source License
/**
 * Loads a test private key file and returns it as a key pair.
 *
 * @param parentName first argument passed to {@code getPrivateKeyAsFile}
 * @param keyName second argument passed to {@code getPrivateKeyAsFile}
 * @param passphrase used to decrypt the key when the PEM object is an encrypted key pair
 * @return the key pair, or {@code null} when the file holds no key pair or any step fails
 *     (failures are logged, not rethrown)
 */
public static KeyPair getPrivateKeyAsKeyPair(String parentName, String keyName, final String passphrase) {
    final JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
    final File privateKeyFile = getPrivateKeyAsFile(parentName, keyName);

    InputStream is = null;
    PEMParser parser = null;
    KeyPair result = null;
    try {
        is = new FileInputStream(privateKeyFile);
        parser = new PEMParser(new InputStreamReader(is));
        final Object pemObject = parser.readObject();
        if (pemObject instanceof PEMEncryptedKeyPair) {
            PEMDecryptorProvider decryptor =
                    new JcePEMDecryptorProviderBuilder().build(passphrase.toCharArray());
            result = converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor));
        } else if (pemObject instanceof PEMKeyPair) {
            result = converter.getKeyPair((PEMKeyPair) pemObject);
        }
    } catch (Exception e) {
        // Only the key's location is logged, never the passphrase.
        LOGGER.error("failed to parse private key file: parent=" + parentName + " keyName=" + keyName, e);
    } finally {
        IOUtils.closeQuietly(is);
        IOUtils.closeQuietly(parser);
    }
    return result;
}
From source file:net.etfbl.cryptodigitalcertificate.tool.util.CryptoPEMExtractor.java
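/**
 * Reads the first PEM object from the file at {@code filePath}.
 *
 * <p>The result is untyped: depending on the file it can be a certificate holder, a key pair,
 * an encrypted key pair or another parser type, so callers must check the type before
 * casting.
 *
 * @param filePath path of the PEM file
 * @return the first PEM object, or {@code null} when the file holds none
 * @throws FileNotFoundException if the file cannot be opened
 * @throws IOException if the PEM data cannot be read
 */
public Object loadObject(String filePath) throws FileNotFoundException, IOException {
    // try-with-resources releases the file handle even when parsing fails.
    try (PEMParser reader = new PEMParser(new InputStreamReader(new FileInputStream(filePath)))) {
        return reader.readObject();
    }
}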
From source file:net.etfbl.cryptodigitalcertificate.tool.util.CryptoPEMExtractor.java
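/**
 * Reads the first PEM object from {@code stream}.
 *
 * <p>The result is untyped: depending on the input it can be a certificate holder, a key
 * pair, an encrypted key pair or another parser type, so callers must check the type before
 * casting.
 *
 * @param stream PEM data; the parser wrapping it is closed before this method returns,
 *     whether or not parsing succeeds
 * @return the first PEM object, or {@code null} when the stream holds none
 * @throws IOException if the PEM data cannot be read
 */
public Object loadObject(InputStream stream) throws FileNotFoundException, IOException {
    // try-with-resources closes the parser on the failure path as well as on success.
    try (PEMParser reader = new PEMParser(new InputStreamReader(stream))) {
        return reader.readObject();
    }
}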